package com.cvte.shop.config;

import com.cvte.csb.web.xss.XssFilter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author DaiShubo
 * @version 1.0
 * @description 防止sql注入
 * @createTime 2020/7/28 9:07 上午
 * @since 1.7
 **/
//@Configuration
public class FilterRegistrationConfig {


    @Bean
    public FilterRegistrationBean xssFilterRegistration() {
        FilterRegistrationBean registration = new FilterRegistrationBean(new XssFilter());
        // 对哪些URL不做处理
        registration.addInitParameter("exclude","");
        // 对哪些URl进行提交的值进行处理
        registration.addInitParameter("include","/cat");
        // 以下两个属性如果没有特别要求，默认可以不用填写
        // sql中需要特殊处理的符号
        registration.addInitParameter("sqlRegex","'|and|exec|execute|insert|select|delete|update|count|drop|%|chr|mid|master|truncate|" +
                "char|declare|sitename|net user|xp_cmdshell|;|or|-|+|,|like'|and|exec|execute|insert|create|drop|" +
                "table|from|grant|use|group_concat|column_name|" +
                "information_schema.columns|table_schema|union|where|select|delete|update|order|by|count|" +
                "chr|mid|master|truncate|char|declare|or|;|-|--|,|like|//|/|%|#");
        // slq特殊字符被替换的占位符
        registration.addInitParameter("sqlReplace","xxs");
        registration.addUrlPatterns("/*");
        return registration;

    }
}
